Last updated 2026-07-09

TL;DR
The National Do Not Call Registry API, run by the FTC, lets businesses download registered phone numbers by area code to scrub their call lists. Access costs nothing for up to 5 area codes (small entities) or up to $18,044 a year for all area codes. You must scrub within 31 days of any call. One missed number can cost $51,744 per call in FTC penalties.
What is the DNC registry API and who runs it?
The National Do Not Call Registry is a database run by the Federal Trade Commission. It holds phone numbers submitted by consumers who want telemarketing calls to stop. The FTC gives telemarketers a web interface at donotcall.gov to download lists of those registered numbers by area code. That download mechanism is what most people mean by "DNC registry API," though it's really a subscription data download, not a real-time REST API in the modern developer sense. [1]
The legal backbone is the Telephone Consumer Protection Act, 47 U.S.C. § 227, and the FTC's Telemarketing Sales Rule (16 C.F.R. Part 310). The FTC runs the registry. The FCC enforces TCPA obligations on carriers and telemarketers separately. Both agencies can bring DNC actions, which is why you'll see cases from either side depending on the industry and the conduct involved. [2]
As of mid-2025, the registry holds more than 245 million phone numbers. [12] It has grown every year since launch in 2003. If your team dials outbound without scrubbing, you're almost certainly hitting registered numbers.
How do you get access to the DNC registry API?
The FTC's access portal is donotcall.gov. Any organization that makes telemarketing calls, or any third party (a list broker or compliance vendor) acting on a telemarketer's behalf, has to register for access first. Here's the actual process:
1. Go to donotcall.gov and click "Access the Registry." 2. Create an organization account. You give your company name, address, and a primary contact. 3. Select the area codes you need. You pay per area code per year (see pricing below). 4. After payment, download the data in .txt format, either all numbers for your chosen area codes or only the numbers added or deleted since your last download.
The FTC delivers access through a secure file transfer. You can pull the full registry file or an update file. Update files only carry changes (additions and removals) since a date you specify, which makes incremental scrubbing practical for large teams. [1]
One thing trips people up. You have to re-subscribe every year and re-download at least every 31 days to keep your scrub data current. A list you pulled 60 days ago is not compliant. The rule requires you to check against a registry version no older than 31 days before the date of the call. [3]
For do not call list access from a consumer angle, donotcall.gov is the authoritative source.
What does DNC registry access cost?
The FTC sets subscription fees every year. For the fiscal year ending September 30, 2025, the pricing runs like this. [4]
| Subscription Tier | Annual Cost |
|---|---|
| Up to 5 area codes (small entity exemption) | $0 (free) |
| Each additional area code beyond 5 | $75 per area code |
| All area codes (national access) | $18,044 |
The free tier covers organizations with annual gross revenues under $25 million, nonprofits, or anyone accessing 5 or fewer area codes. A small outbound team calling one state can often stay fully inside the free tier. Call nationally and you pay $18,044 a year for every area code in the U.S. and its territories. [4]
Third-party data providers also sell pre-scrubbed lists or scrubbing services. Prices swing hard, from a few hundred dollars a month for SaaS scrubbing tools to enterprise contracts in the tens of thousands. Many sales ops teams use these vendors precisely because the vendor handles the 31-day freshness requirement automatically. Hiring a vendor does not move your legal liability, though. If their scrub fails and you dial a registered number, you're the one on the hook. [3]
For a wider view of the ftc do not call list and how it works, the FTC's guidance pages are the best primary source.
What data format does the DNC registry download use?
The registry comes as a pipe-delimited text file (.txt). Each line has a phone number (10 digits, no formatting), the registration date, and in some files a flag for added or deleted. There's no JSON endpoint, no XML feed, no REST API with authentication tokens. If you've been hunting for a "DNC API" you can hit with a GET request and an API key, this is a different animal.
The FTC does offer a "change file" download. You set a "since" date and the file only includes numbers that changed after it. For teams refreshing suppression lists on a schedule, that beats pulling the full registry every month.
Parsing the file is simple. Strip formatting, normalize to 10-digit numbers, then compare against your calling list. Most CRMs and dialer platforms have import workflows for this exact format, or you write a short Python or SQL script to load the file into a suppression table.
Third-party API providers build a layer on top of the FTC's files. They ingest the registry, keep a database, and expose a real REST API where you send a phone number and get back a "registered / not registered" answer. Those services usually add state DNC lists and other suppression sources to the federal data. Pricing varies a lot.
How often do you need to scrub your list against the DNC registry?
The Telemarketing Sales Rule is exact here. You must access a registry version downloaded no more than 31 days before the date of any call. [3] That's the rule. Not 60 days, not quarterly. Thirty-one days.
Most compliant teams scrub weekly or monthly. Weekly is safer because it buys a buffer when your workflow lags. Monthly scrubs on a fixed schedule can bite you at the end of the cycle if the list didn't refresh before calls went out.
The 31-day clock runs to the date of the call, not the date you pull the list. Download the registry on January 1, make calls on February 1, and you're at 31 days, right at the ceiling. If something delayed the download and the file is actually 32 days old, you're technically non-compliant on every call made that day.
Using a third-party scrubbing service? Check the data freshness guarantee. Some pull from the FTC daily, others weekly. Put it in the contract that their data is never more than 31 days old, and document that term. In an enforcement action, your vendor agreement is evidence of a good-faith compliance program.
See the FTC's general guidance behind how do i get the do not call list for the consumer-side context, which explains what registrants expect.
What are the penalties for calling a number on the DNC registry?
The FTC raises its civil penalty ceiling every year for inflation. As of 2024, the maximum penalty for a knowing TSR violation, including calling a registered number without an exemption, is $51,744 per violation. Each call is a separate violation. [5] That single number is why casual scrubbing habits get expensive fast.
The FCC has concurrent jurisdiction under TCPA. Under 47 U.S.C. § 227(c)(5), a person who gets more than one telemarketing call from the same entity within 12 months of registering can sue. Statutory damages run $500 per call, trebled to $1,500 if the violation is willful. [2] TCPA class actions have settled anywhere from a few hundred thousand dollars to more than $75 million, depending on campaign size and class members.
The FTC's own enforcement has produced settlements in the tens of millions. It has taken action against robocall operations for amounts ranging from a few million to more than $300 million, though large judgments against shell entities are often uncollectible. [6]
For small outbound teams, the realistic risk is a TCPA private suit. A plaintiff's attorney can file for one person over a handful of calls and settle for $5,000 to $50,000 to make it disappear. That math is why DNC scrubbing is not optional.
For how complaints work, see do not call list report.
Which numbers are NOT protected by the DNC registry?
The federal DNC registry protects residential phone numbers only. Business-to-business calls are generally exempt from the federal registry requirements, though not from every state rule. [3]
Several call categories can lawfully reach registered numbers:
- Calls to people you have an "established business relationship" (EBR) with. Under FTC rules, an EBR runs 18 months after a transaction or 3 months after an inquiry. [3]
- Calls made with prior express written consent.
- Calls from tax-exempt nonprofit organizations.
- Calls that aren't "telephone solicitations" (surveys, political calls, and debt collection sit outside the TSR's DNC provisions, though other rules may apply).
- Calls from political campaigns (outside the FTC's TSR entirely).
The EBR exemption is where teams get burned. It sounds broad. It has real limits. A customer who bought 19 months ago no longer has an active EBR. A person who inquired 4 months ago no longer qualifies. You have to track EBR dates per contact instead of assuming every past customer is fair game.
For mobile numbers, the picture gets messier because TCPA's autodialer restrictions apply on top of DNC rules. See mobile phone do not call list for how those two rule sets collide.
How does the federal DNC registry differ from state DNC lists?
Several states run their own Do Not Call registries alongside the federal one, and some go further. Texas, Florida, Indiana, Pennsylvania, and others keep state-level lists with their own registration processes and different exemptions. [7]
The practical difference is coverage. A number can sit on a state list but not the federal registry, or the reverse. A compliant process checks both. Most third-party scrubbing services fold state lists into their databases, which is one reason teams use them instead of downloading from each state by hand.
State penalties can beat federal ones. Florida's Do Not Call Act (Florida Statutes § 501.059) allows private lawsuits and penalties up to $10,000 per violation. [8] Indiana runs its registry under Indiana Code § 24-4.7. Pennsylvania operates under the Pennsylvania Telemarketer Registration Act.
For state-specific coverage, see:
If you call nationally, assume you scrub every applicable state list. The federal registry does not preempt state lists that give consumers more protection.
Can you build your own DNC registry API integration?
Yes. For a team with a developer on staff, building a direct integration with the FTC's data download is often the cleanest path. A basic system looks like this:
1. Schedule a monthly (or more frequent) automated job to log into donotcall.gov and pull the change file for your subscribed area codes. 2. Parse the pipe-delimited file, load additions into a suppression table, remove deletions. 3. Before any call dials (in your CRM, your dialer, or your lead routing), query the suppression table for that number. 4. Log the scrub date per contact so you can prove freshness if challenged.
The FTC's site uses a form-based login, not OAuth or API keys, so automating the download needs a browser automation tool (Playwright or Selenium) or a direct HTTP POST to the login form. It works, but it's slightly brittle because the FTC can change the site structure. Smart teams automate the download and add a monitoring alert on failure, so they know to run it by hand.
No developer? Tools like LeadCompliant's free checker give you an on-demand way to verify numbers, and the dnc registry overview walks through what the registry actually covers. Managed vendors like Gryphon and Contact Center Compliance (no affiliation, named for reference) offer scrubbing at various price points.
The honest build-vs-buy answer: under 10,000 calls a month, a third-party service almost certainly costs less total time than building and babysitting your own integration. Above 100,000 calls a month, a direct FTC download plus a fast in-house lookup earns its keep.
What records do you need to keep to prove DNC compliance?
The TSR requires telemarketers to keep records that show compliance. The rule at 16 C.F.R. § 310.5 says compliance-related records must be kept for 24 months. [9] That covers:
- The date and area codes of each registry download.
- Proof each call was scrubbed against a registry no older than 31 days.
- Records of any established business relationships used as an exemption.
- Records of prior express written consent where you claim that exemption.
- Your internal do-not-call list (people who told you specifically to stop, separate from the national registry).
The internal DNC list gets overlooked constantly. Even if a number isn't on the national registry, once someone tells your agent "don't ever call me again," that person goes on your internal suppression list. You have 30 days from the request to carry it across every system. [3]
In litigation, two records tend to decide things: scrub logs proving the download date and that it covered the called number's area code, and consent records if you're claiming EBR or written consent. Can't produce those, and you're defending on whether you called a registered number, which is a hard place to stand.
LeadCompliant's compliance kit includes a scrub log template and a consent record format that match what regulators look for. Pre-built documentation like that is genuinely useful if your team has no formal process yet. Just confirm whatever template you pick actually tracks the data points the FTC names.
How does the DNC registry relate to TCPA consent requirements?
Teams confuse these two all the time. DNC registration and TCPA consent are separate legal requirements, and you have to satisfy both.
The national DNC registry is about whether someone asked not to get telemarketing calls at all. If their number is registered and you have no exemption (EBR or written consent), you can't call them, period, no matter how you dial.
TCPA consent, under 47 U.S.C. § 227 and FCC regulations, is about the technology and method you use to reach someone. Use an autodialer or a prerecorded message to call a mobile number and you need prior express written consent whether or not the number sits on the DNC registry. [2]
So you can have a number that's NOT on the DNC registry (the person hasn't opted out of all telemarketing) and still need written TCPA consent to autodial it. And you can have someone who gave you written consent, then later registered on the DNC list, which may revoke that consent for solicitation calls depending on the context.
The FCC's one-to-one consent requirement was set to tighten this further in early 2025, but a federal appeals court vacated that rule before it took effect. Written consent through lead generators is still governed by the FCC's prior express written consent standard, so a specific, named-seller consent remains the safe practice rather than a generic "I agree to be contacted by marketing partners" checkbox. [10]
For a practical guide to the do not call telemarketer list and how consent interacts with it, see the FTC's FAQs at donotcall.gov.
What's the difference between the FTC's DNC registry and the FCC's DNC rules?
Both agencies regulate do-not-call conduct, but through different legal authorities covering somewhat different ground.
The FTC enforces the DNC registry through the Telemarketing Sales Rule under the FTC Act. That covers most commercial telemarketers. Banks, common carriers, airlines, and a few other entities sit outside FTC Act jurisdiction.
The FCC enforces TCPA, 47 U.S.C. § 227, which reaches all telephone calls, not only telemarketing, and covers SMS and text messages too. The FCC's DNC rules, codified at 47 C.F.R. § 64.1200, incorporate the national registry by reference and impose the same 31-day scrubbing requirement. [11]
Here's the real-world hit: you can face FTC action for calling a registered number and separately face FCC action or a private TCPA suit for autodialing a mobile number without consent. Autodial a registered mobile number with no consent and you've got exposure under both regimes at once.
For calls into states, state attorneys general can also bring actions under state consumer protection laws on top of state DNC statutes. So the liability stack from one bad campaign can include FTC civil penalties, FCC consent violations, state DNC penalties, and private TCPA class actions.
See the government do not call list article for how the federal registry and agency oversight fit together.
Frequently asked questions
Is there a real-time DNC registry API I can call with a phone number?
The FTC doesn't offer a real-time API. It provides downloadable files (pipe-delimited text) by area code on a subscription basis. Several third-party vendors, including Contact Center Compliance and Gryphon Networks, build real-time lookup APIs on top of the FTC's data. Those services let you submit a phone number and get a registered/not-registered answer, often within milliseconds. You pay the vendor instead of subscribing directly to the FTC.
How much does it cost to access all area codes in the DNC registry?
For fiscal year 2025, national access to all area codes costs $18,044 a year. Organizations accessing 5 or fewer area codes pay nothing if they qualify as a small entity (under $25 million annual revenue). Each additional area code beyond the free tier costs $75 a year. The FTC sets these fees under 15 U.S.C. § 6153 and updates them annually.
Can I use the DNC registry data for purposes other than scrubbing my call list?
No. The FTC's subscription agreement bars using registry data for any purpose other than preventing telemarketing calls to registered numbers. You can't use it to market products, sell the data, or analyze consumer demographics. Misusing the data violates both the TSR and the subscription agreement, and the FTC has brought cases over improper use of registry data.
Do I need to check the DNC registry before sending text messages?
Yes, if the text is a solicitation. The FTC's TSR applies to marketing text messages, and the FCC's TCPA rules apply to texts sent via autodialer. Many enforcement actions treat marketing SMS the same as calls for DNC purposes. In practice, scrub your SMS lists against the national registry the same way you scrub call lists, and verify TCPA consent separately.
What happens if a number wasn't on the DNC registry when I scrubbed but was added before the call?
The 31-day safe harbor protects you. The FTC's TSR provides that if you downloaded the registry within 31 days of the call and the number wasn't on it at download time, you aren't liable even if it was added between your download and the call. This is the main reason you document your download date for every scrub cycle.
Does the DNC registry cover business phone numbers?
No. The federal registry covers residential phone numbers only. B2B telemarketing calls to registered business numbers generally aren't covered by the national DNC registry under the FTC's TSR. Some states extend DNC protections to business numbers in certain contexts, and internal do-not-call requests from any person, business or consumer, must still be honored.
How long after someone registers on the DNC list do I have before I can't call them?
Thirty-one days. The FTC gives callers 31 days from a consumer's registration date before they must honor it. After that window, calling the number without an applicable exemption is a TSR violation. Since you're downloading the registry at least every 31 days anyway, any newly registered number shows up in your next scrub before the grace period expires.
Can an established business relationship (EBR) override a DNC registration?
Yes, but only within time limits. An EBR lets you call a registered number for up to 18 months after a purchase or transaction, or 3 months after a consumer inquiry. Once those windows close, the EBR is gone and the DNC registration controls. You must track EBR dates per contact. Treating all past customers as EBR-exempt without date tracking is not compliant.
What is the penalty for calling a number on the DNC registry?
The FTC can impose civil penalties up to $51,744 per violation (each call) for knowing TSR violations as of 2024. Under TCPA, private plaintiffs can sue for $500 per call, or $1,500 if willful. These two penalty regimes can run at the same time. A single bad campaign calling thousands of registered numbers can generate liability in the millions before class action attorneys ever get involved.
Do I need to check the DNC registry even if I bought the phone number on a purchased list?
Yes. Buying a list does not transfer liability or create a legal shield. You're responsible for scrubbing every number you call against the national registry, regardless of where it came from. List brokers may claim their data is pre-scrubbed, but verify that claim and still run your own scrub. If the broker's scrub is stale, the liability lands on you.
How do I handle a consumer's request to be added to my internal do-not-call list?
Honor it within 30 days of the request. Both the TSR and TCPA require an internal suppression list separate from the national registry. Once someone asks your company specifically to stop calling, add them to your internal list right away and block the number across all your calling systems within 30 days. Keep that record for at least 5 years to be safe.
How does a small business with no compliance team manage DNC scrubbing practically?
The practical path is a third-party scrubbing service that handles the monthly FTC downloads, state lists, and gives you a simple upload-and-scrub workflow. For very small teams (under a few thousand calls a month), some free or low-cost tools exist. What matters is documenting that you ran a scrub, what date the registry data was from, and which numbers got flagged. That paper trail is your defense if a complaint lands.
Are nonprofit organizations exempt from DNC registry requirements?
Nonprofits are generally exempt from the FTC's TSR, so calls made on behalf of the nonprofit for its own purposes don't have to comply with the registry. If a nonprofit hires a for-profit telemarketer to call on its behalf, though, that telemarketer must still comply with TSR rules including DNC scrubbing. The exemption covers the nonprofit's own conduct, not the commercial vendors it contracts.
What's the difference between the national DNC registry and a company's internal DNC list?
The national registry is the government's database of consumers who opted out of telemarketing generally. Your internal DNC list is your company's own suppression list for people who asked specifically not to hear from you. You're required to keep both separately. Someone can appear on one but not the other, and you must honor both. Removing someone from your email list doesn't add them to call suppression.
Sources
- FTC, National Do Not Call Registry – Access the Registry: The FTC operates the National Do Not Call Registry and provides access for telemarketers to download registered numbers by area code
- 47 U.S.C. § 227 – Telephone Consumer Protection Act: TCPA private right of action allows $500 per call, trebled to $1,500 for willful violations; FCC has concurrent enforcement authority
- FTC, Telemarketing Sales Rule – 16 C.F.R. Part 310: TSR requires scrubbing against a registry no more than 31 days old; EBR lasts 18 months after transaction, 3 months after inquiry; internal DNC requests must be honored within 30 days
- FTC, Telemarketing Sales Rule and Do Not Call Registry Fees: FY2025 registry subscription: free for up to 5 area codes (small entities), $75 per additional area code, $18,044 for all area codes nationally
- FTC, Adjustments to Civil Penalty Amounts: As of 2024 the maximum civil penalty for a knowing TSR violation is $51,744 per violation, with each call counted separately
- FTC, Enforcement Cases and Proceedings: FTC has obtained settlements ranging from millions to hundreds of millions of dollars in DNC-related enforcement actions against robocall operations
- FTC, Telemarketing and Consumer Fraud and Abuse Prevention Act: Multiple states including Florida, Indiana, Texas, and Pennsylvania maintain state DNC registries that operate alongside the federal registry
- Florida Statutes § 501.059 – Florida Do Not Call Act: Florida's DNC Act imposes penalties up to $10,000 per violation and allows private lawsuits
- FTC, Telemarketing Sales Rule – 16 C.F.R. § 310.5 (recordkeeping): TSR requires telemarketers to retain compliance records, including registry download records, for 24 months
- 47 C.F.R. § 64.1200 – FCC TCPA implementing regulations: FCC rules incorporate the national DNC registry and impose the same 31-day scrubbing requirement on telemarketers subject to TCPA
- FTC Consumer Advice – National Do Not Call Registry FAQs: The national DNC registry holds more than 245 million registered phone numbers as of mid-2025